252435 2023-02-16 15:02:35 -0800 [GTK] gdk_memory_texture_new: assertion 'width > 0' failed in cairoSurfaceToGdkTexture 2024-02-01 07:45:44 -0800 1 1 1 Unclassified WebKit WebKitGTK WebKit Nightly Build PC Linux RESOLVED FIXED https://bugs.webkit.org/show_bug.cgi?id=258918 P2 Normal --- 1 mcatanzaro mcatanzaro bugs-noreply mcatanzaro oldest_to_newest 1934335 0 mcatanzaro 2023-02-16 15:02:35 -0800 Reproducer: visit https://dor.mo.gov/forms/?formName=&category=&year=99 and wait until the page loads. It will hit a critical: #0 _g_log_abort (breakpoint=1) at ../../../../Projects/glib/glib/gmessages.c:558 #1 0x00007f6466d6d739 in g_logv (log_domain=0x7f6466735efb "Gdk", log_level=G_LOG_LEVEL_CRITICAL, format=0x7f6466dec60f "%s: assertion '%s' failed", args=0x7ffd73989de8) at ../../../../Projects/glib/glib/gmessages.c:1418 #2 0x00007f6466d6d830 in g_log (log_domain=0x7f6466735efb "Gdk", log_level=G_LOG_LEVEL_CRITICAL, format=0x7f6466dec60f "%s: assertion '%s' failed") at ../../../../Projects/glib/glib/gmessages.c:1460 #3 0x00007f6466d7088d in g_return_if_fail_warning (log_domain=0x7f6466735efb "Gdk", pretty_function=0x7f6466736080 <__func__.2> "gdk_memory_texture_new", expression=0x7f6466735ef1 "width > 0") at ../../../../Projects/glib/glib/gmessages.c:2930 #4 0x00007f64665a3cce in gdk_memory_texture_new (width=0, height=0, format=GDK_MEMORY_B8G8R8A8_PREMULTIPLIED, bytes=0x110c6e0, stride=0) at ../../../../Projects/gtk/gdk/gdkmemorytexture.c:150 #5 0x00007f6463ae646a in WebCore::cairoSurfaceToGdkTexture ( surface=surface@entry=0x7f6465c6dbe0 <_cairo_surface_nil_invalid_size.lto_priv.0>) at /home/mcatanzaro/Projects/WebKit/Source/WebCore/platform/graphics/gtk/GdkCairoUtilities.cpp:56 #6 0x00007f64622c5e86 in webkit_web_view_get_snapshot_finish (webView=<optimized out>, result=0x1a38400, error=0x7ffd73989fd0) at /home/mcatanzaro/Projects/WebKit/Source/WebKit/UIProcess/API/glib/WebKitWebView.cpp:4897 #7 0x00007f6466f050f6 in on_snapshot_ready (web_view=0x74e6e0, result=0x1a38400, task=0x1b2b480) at ../../../../Projects/epiphany/lib/ephy-snapshot-service.c:425 #8 0x00007f6466add58a in g_task_return_now (task=0x1a38400) at ../../../../Projects/glib/gio/gtask.c:1309 #9 0x00007f6466add6d6 in g_task_return (task=0x1a38400, type=G_TASK_RETURN_SUCCESS) at ../../../../Projects/glib/gio/gtask.c:1378 #10 0x00007f6466ade2df in g_task_return_pointer (task=0x1a38400, result=0x7f6465c6dbe0 <_cairo_surface_nil_invalid_size.lto_priv.0>, result_destroy=0x7f6465bf07a0 <INT_cairo_surface_destroy>) at ../../../../Projects/glib/gio/gtask.c:1812 #11 0x00007f64622c943d in webkit_web_view_get_snapshot::$_9::operator() (handle=..., this=<optimized out>) at /home/mcatanzaro/Projects/WebKit/Source/WebKit/UIProcess/API/glib/WebKitWebView.cpp:4867 #12 WTF::Detail::CallableWrapper<webkit_web_view_get_snapshot::$_9, void, WebKit::ShareableBitmapHandle const&>::call (this=0x7f645200c0f0, in=...) at WTF/Headers/wtf/Function.h:53 #13 0x00007f646222dbe7 in WTF::Function<void (WebKit::ShareableBitmapHandle const&)>::operator()(WebKit::ShareableBitmapHandle const&) const (in=..., this=<optimized out>) at WTF/Headers/wtf/Function.h:82 #14 WTF::CompletionHandler<void (WebKit::ShareableBitmapHandle const&)>::operator()(WebKit::ShareableBitmapHandle const&) (this=0x7f645200c328, in=...) at WTF/Headers/wtf/CompletionHandler.h:75 #15 std::__invoke_impl<void, WTF::CompletionHandler<void (WebKit::ShareableBitmapHandle const&)>, WebKit::ShareableBitmapHandle>(std::__invoke_other, WTF::CompletionHandler<void (WebKit::ShareableBitmapHandle const&)>&&, WebKit::ShareableBitmapHandle&&) (__f=..., __args=...) at /usr/bin/../lib/gcc/x86_64-redhat-linux/12/../../../../include/c++/12/bits/invoke.h:61 #16 std::__invoke<WTF::CompletionHandler<void (WebKit::ShareableBitmapHandle const&)>, WebKit::ShareableBitmapHandle>(WTF::CompletionHandler<void (WebKit::ShareableBitmapHandle const&)>&&, WebKit::ShareableBitmapHandle&&) (__fn=..., __args=...) at /usr/bin/../lib/gcc/x86_64-redhat-linux/12/../../../../include/c++/12/bits/invoke.h:96 #17 std::__apply_impl<WTF::CompletionHandler<void (WebKit::ShareableBitmapHandle const&)>, std::tuple<WebKit::ShareableBitmapHandle>, 0ul>(WTF::CompletionHandler<void (WebKit::ShareableBitmapHandle const&)>&&, std::tuple<WebKit::ShareableBitmapHandle>&&, std::integer_sequence<unsigned long, 0ul>) (__f=..., __t=...) at /usr/bin/../lib/gcc/x86_64-redhat-linux/12/../../../../include/c++/12/tuple:1852 #18 std::apply<WTF::CompletionHandler<void (WebKit::ShareableBitmapHandle const&)>, std::tuple<WebKit::ShareableBitmapHandle> >(WTF::CompletionHandler<void (WebKit::ShareableBitmapHandle const&)>&&, std::tuple<WebKit::ShareableBitmapHandle>&&) (__f=..., __t=...) at /usr/bin/../lib/gcc/x86_64-redhat-linux/12/../../../../include/c++/12/tuple:1863 #19 IPC::Connection::callReply<Messages::WebPage::TakeSnapshot, WTF::CompletionHandler<void (WebKit::ShareableBitmapHandle const&)> >(IPC::Decoder&, WTF::CompletionHandler<void (WebKit::ShareableBitmapHandle const&)>&&) (decoder=..., completionHandler=...) at /home/mcatanzaro/Projects/WebKit/Source/WebKit/Platform/IPC/Connection.h:704 #20 0x00007f64621a3c26 in WTF::Function<void (IPC::Decoder*)>::operator()(IPC::Decoder*) const (in=0x0, this=<optimized out>) at WTF/Headers/wtf/Function.h:82 #21 WTF::CompletionHandler<void (IPC::Decoder*)>::operator()(IPC::Decoder*) (this=<optimized out>, in=0x0) --Type <RET> for more, q to quit, c to continue without paging--c at WTF/Headers/wtf/CompletionHandler.h:75 #22 WebKit::AuxiliaryProcessProxy::sendMessage(WTF::UniqueRef<IPC::Encoder>&&, WTF::OptionSet<IPC::SendOption>, std::optional<IPC::Connection::AsyncReplyHandler>, WebKit::AuxiliaryProcessProxy::ShouldStartProcessThrottlerActivity)::$_1::operator()(IPC::Decoder*) (this=<optimized out>, decoder=0x0) at /home/mcatanzaro/Projects/WebKit/Source/WebKit/UIProcess/AuxiliaryProcessProxy.cpp:219 #23 WTF::Detail::CallableWrapper<WebKit::AuxiliaryProcessProxy::sendMessage(WTF::UniqueRef<IPC::Encoder>&&, WTF::OptionSet<IPC::SendOption>, std::optional<IPC::Connection::AsyncReplyHandler>, WebKit::AuxiliaryProcessProxy::ShouldStartProcessThrottlerActivity)::$_1, void, IPC::Decoder*>::call(IPC::Decoder*) (this=<optimized out>, in=0x0) at WTF/Headers/wtf/Function.h:53 #24 0x00007f6462142485 in WTF::Function<void (IPC::Decoder*)>::operator()(IPC::Decoder*) const (in=0x7f6452118270, this=<optimized out>) at WTF/Headers/wtf/Function.h:82 #25 WTF::CompletionHandler<void (IPC::Decoder*)>::operator()(IPC::Decoder*) (this=0x7ffd7398a178, in=0x7f6452118270) at WTF/Headers/wtf/CompletionHandler.h:75 #26 IPC::Connection::dispatchMessage (this=0x7f645215c1a0, decoder=...) at /home/mcatanzaro/Projects/WebKit/Source/WebKit/Platform/IPC/Connection.cpp:1179 #27 0x00007f6462142606 in IPC::Connection::dispatchMessage (this=0x7f645215c1a0, message=std::unique_ptr<IPC::Decoder> = {...}) at /home/mcatanzaro/Projects/WebKit/Source/WebKit/Platform/IPC/Connection.cpp:1245 #28 0x00007f6462142b82 in IPC::Connection::dispatchIncomingMessages (this=0x7f645215c1a0) at /home/mcatanzaro/Projects/WebKit/Source/WebKit/Platform/IPC/Connection.cpp:1355 #29 0x00007f6460eba31c in WTF::Function<void ()>::operator()() const (this=<optimized out>) at /home/mcatanzaro/Projects/WebKit/Source/WTF/wtf/Function.h:82 #30 WTF::RunLoop::performWork (this=0x7f64520100e0) at /home/mcatanzaro/Projects/WebKit/Source/WTF/wtf/RunLoop.cpp:147 #31 0x00007f6460f1b8c6 in WTF::RunLoop::RunLoop()::$_1::operator()(void*) const (userData=0x1, userData@entry=0x7f64520100e0, this=<optimized out>) at /home/mcatanzaro/Projects/WebKit/Source/WTF/wtf/glib/RunLoopGLib.cpp:80 #32 WTF::RunLoop::RunLoop()::$_1::__invoke(void*) (userData=0x1, userData@entry=0x7f64520100e0) at /home/mcatanzaro/Projects/WebKit/Source/WTF/wtf/glib/RunLoopGLib.cpp:79 #33 0x00007f6460f1adfa in WTF::RunLoop::$_0::operator() (source=0x7717c0, callback=0x7f6460f1b8c0 <WTF::RunLoop::RunLoop()::$_1::__invoke(void*)>, userData=0x7f64520100e0, this=<optimized out>) at /home/mcatanzaro/Projects/WebKit/Source/WTF/wtf/glib/RunLoopGLib.cpp:53 #34 WTF::RunLoop::$_0::__invoke (source=0x7717c0, callback=0x7f6460f1b8c0 <WTF::RunLoop::RunLoop()::$_1::__invoke(void*)>, userData=0x7f64520100e0) at /home/mcatanzaro/Projects/WebKit/Source/WTF/wtf/glib/RunLoopGLib.cpp:45 #35 0x00007f6466d6071b in g_main_dispatch (context=0x732a90) at ../../../../Projects/glib/glib/gmain.c:3460 #36 0x00007f6466d6168f in g_main_context_dispatch (context=0x732a90) at ../../../../Projects/glib/glib/gmain.c:4200 #37 0x00007f6466d61882 in g_main_context_iterate (context=0x732a90, block=1, dispatch=1, self=0x738950) at ../../../../Projects/glib/glib/gmain.c:4276 #38 0x00007f6466d61946 in g_main_context_iteration (context=0x732a90, may_block=1) at ../../../../Projects/glib/glib/gmain.c:4343 #39 0x00007f6466b1edc2 in g_application_run (application=0x777240, argc=1, argv=0x7ffd7398a668) at ../../../../Projects/glib/gio/gapplication.c:2573 #40 0x0000000000404d48 in main (argc=1, argv=0x7ffd7398a668) at ../../../../Projects/epiphany/src/ephy-main.c:434 1934348 1 mcatanzaro 2023-02-16 15:15:48 -0800 So an initial fix is: diff --git a/Source/WebCore/platform/graphics/gtk/GdkCairoUtilities.cpp b/Source/WebCore/platform/graphics/gtk/GdkCairoUtilities.cpp index 299bea86401d..43c20263e429 100644 --- a/Source/WebCore/platform/graphics/gtk/GdkCairoUtilities.cpp +++ b/Source/WebCore/platform/graphics/gtk/GdkCairoUtilities.cpp @@ -48,6 +48,8 @@ GRefPtr<GdkTexture> cairoSurfaceToGdkTexture(cairo_surface_t* surface) ASSERT(cairo_image_surface_get_format(surface) == CAIRO_FORMAT_ARGB32); auto width = cairo_image_surface_get_width(surface); auto height = cairo_image_surface_get_height(surface); + if (width <= 0 || height <= 0) + return nullptr; auto stride = cairo_image_surface_get_stride(surface); auto* data = cairo_image_surface_get_data(surface); GRefPtr<GBytes> bytes = adoptGRef(g_bytes_new_with_free_func(data, height * stride, [](gpointer data) { But then Epiphany crashes later on in ephy_snapshot_service_prepare_snapshot() in basically the same way, and it doesn't look like Epiphany, fault. Problem is webkit_web_view_get_snapshot_finish() can return nullptr without setting the error parameter. I think we should set WEBKIT_SNAPSHOT_ERROR_FAILED_TO_CREATE error when returning nullptr, does that sound OK? 1934765 2 mcatanzaro 2023-02-17 16:17:32 -0800 Pull request: https://github.com/WebKit/WebKit/pull/10310 2009735 3 ews-feeder 2024-02-01 07:45:41 -0800 Committed 273907@main (39559cbd2d25): <https://commits.webkit.org/273907@main> Reviewed commits have been landed. Closing PR #10310 and removing active labels.